In a mobile communications system, a smart card is mostly used to store information such as a user identity, a user authentication parameter (for example, a key), a user authentication algorithm, a user's address book and SMS data, and an operator's customized parameter, so as to facilitate inclusiveness of the user identity and user data and differentiated customization between operators. The smart card includes a SIM (Subscriber Identity Module, subscriber identity module) card, an USIM (Universal Subscriber Identity Module, universal subscriber identity module) card, an RUIM (Removable User Identity Module, removable user identity module) card, and the like.
In practical application, a user customizes a service from a mobile network operator, such as a mobile payment service. The mobile payment service needs a security chip for storing and managing a payment application and data (such as a user ID, a key, an attribute parameter, and a related application) that are highly security-demanding. The security chip may be placed on a handset board, a near field communication chip, or a secure digital memory card. Typically, the security chip is integrated into a smart card such as a universal integrated circuit card (Universal Integrated Circuit Card, UICC) and matches an independent security domain in the universal integrated circuit card, and is dedicatedly used to store and manage highly security-demanding applications and data that are related to payment and the like. The universal integrated circuit card further includes an embedded universal integrated circuit card (embedded Universal Integrated Circuit Card, eUICC). In order to enable the smart card to meet special requirements imposed on a terminal size, a terminal price, a physical characteristic or an electrical characteristic, and the like in some application scenarios and use environments, GSMA (Global System for Mobile communication Association, Global System for Mobile Communications Association) led by operators puts forwards requirements for the embedded universal integrated circuit card. The requirements for the eUICC at least include: creating subscription data of a mobile network operator (Mobile Network Operator, MNO) on the embedded universal integrated circuit card, and adding configuration information and a security domain that are related to a service to the subscription data of the mobile network operator on the embedded universal integrated circuit card, to manage a security domain that is used to store configuration information of a first service.
In a document of the European Telecommunications Standards Institute about the embedded universal integrated circuit card, a method for creating subscription data of a mobile network operator (Mobile Network Operator, MNO) on the embedded universal integrated circuit card is disclosed, and a specific practice is to create a profile on the embedded universal integrated circuit card for the mobile network operator. However, the disclosed technology part does not mention how to add configuration information and a security domain that are related to a newly subscribed service to a mobile network operator profile of the embedded universal integrated circuit card when a user newly subscribes to the service, and does not describe how to delete configuration information and a security domain that are related to an ended service from the mobile network operator profile of the embedded universal integrated circuit card when the user-subscribed service ends.
Therefore, no security domain management method can be learned, and the security domain that is used to store the service configuration information cannot be managed according to a service status of the user-subscribed service.